#11037 closed (duplicate)
Support HTTPOnly cookie for HttpResponse.set_cookie
| Reported by: | Henrik Vendelbo | Owned by: | nobody |
|---|---|---|---|
| Component: | HTTP handling | Version: | master |
| Severity: | Keywords: | ||
| Cc: | Triage Stage: | Design decision needed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | UI/UX: |
Description
Most browsers has some support for HTTPOnly cookies. It provides some protection against XSS attacks.
http://www.owasp.org/index.php/HTTPOnly
I've added another optional parameter to the set_cookie method. I also figured that it should be possible to make the sessionid use the flag.
Attachments (1)
Change History (4)
comment:1 Changed 8 years ago by
| Has patch: | unset |
|---|---|
| milestone: | 1.1 |
| Triage Stage: | Unreviewed → Design decision needed |
comment:2 Changed 8 years ago by
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Duplicate of #3304. Please search the existing ticket list before submitting new tickets.
Changed 8 years ago by
| Attachment: | 11037.diff added |
|---|
comment:3 Changed 8 years ago by
I did search for httponly and set_cookie, didn't find anything
Anyway, I added a couple of doctests for HttpResponse that might be useful
Note: See
TracTickets for help on using
tickets.
It's too late for new features in 1.1.